A continuing OCSP journey.....

R3wted

Hi Everyone,

Working full time my path down OSCP has been long and slow lol. I started about 11 months ago and now have 21 host fully rooted. Although I am definitely no guru, I am happy to share any knowledge that may help people.

I look forward to getting to know you all better.
Cheers

soccarplayer29

I enjoy your username play on words It might be beneficial to jumpstart this discussion with some introduction about yourself, your journey toward OSCP (previous work experience, certifications, study materials, etc.).

Welcome to TE!

mysticag

Hi R3wted,

I am planning to do OSCP certification. I would like to know what are the basics I need to brush up before starting the labs. My background is I am a Automation Test Analyst have Masters in Security Technologies, so I have little bit idea about security and programming.

Any pointers will be helpful.

Cheers

R3wted

Hi Soccarplayer

Thanks for the welcome. I am currently working as a systems administrator at a hospital. I decided I wanted to specialize and chose OSCP on the basis it was a hands on the course and the certification was highly regarded in the industry.The challenge for me doing this course was it was completely new for someone who is completely self taught Fortunately I have made friends who are doing the same course. One has given me numerous URL's to use and well as recommending vulnhub for extra practice
My Main Study books would be RTFM, Web Application Hackers Handbook, Hackers Playbook2

The 21 Hosts hosts I have rooted so far are ALICE,RALPH,PAYDAY,BOB,BOB2,JD,DJ,ORACLE,DOTTY,JEFF,BARRY,MIKE, TOPHAT,KRACKEN,SUSIE,HELPDESK,SEAN,MAIL,TIMECLOCK,KEVIN,.234

Some machines have been real tricky which makes owning then all the bigger buzz

R3wted

Hi mysticag

Firstly good on you for planning to to do OSCP. I would recommend having a play around vulnhub. I didn't know about it until I started the course . I great prep tool I would say
Read as many reviews as yo can. It gave me an idea of what to expect. Knowing a bit of programing is a help and also a good understanding of linux. All these thing I have had to learn on the way.

The course is very rewarding however

p@r0tuXus

R3wted wrote: »

numerous URL's to use

Congrats on your challenge and good luck. I hope to do this by next year. Care to share these URLs?

R3wted

p@r0tuXus wrote: »

Congrats on your challenge and good luck. I hope to do this by next year. Care to share these URLs?

Penetration Testing Methodology - 0DAYsecurity.com
Creating Metasploit Payloads
Reverse Shell **** Sheet | pentestmonkey
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Converting Metasploit Module to Stand Alone
FuzzySecurity | Windows Privilege Escalation Fundamentals
Converting Metasploit Module to Stand Alone
http://www.gironsec.com/WebHacking101.pdf
MSSQL Injection **** Sheet | pentestmonkey
Creating Metasploit Payloads

These are probably my most widely used. Hope they help in some way for you

p@r0tuXus

That was fantastic and exactly what I hoped for, you are a gentleman and a scholar.

Dr. Fluxx

R3wted wrote: »

Penetration Testing Methodology - 0DAYsecurity.com
Creating Metasploit Payloads
Reverse Shell **** Sheet | pentestmonkey
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Converting Metasploit Module to Stand Alone
FuzzySecurity | Windows Privilege Escalation Fundamentals
Converting Metasploit Module to Stand Alone
http://www.gironsec.com/WebHacking101.pdf
MSSQL Injection **** Sheet | pentestmonkey
Creating Metasploit Payloads

These are probably my most widely used. Hope they help in some way for you

Definitely going to check all of these links out.

R3wted

p@r0tuXus wrote: »

That was fantastic and exactly what I hoped for, you are a gentleman and a scholar.

You're welcome p@r0tuXus. When are you looking at doing yours? Happy to give nudges where I can

p@r0tuXus

By year's end, I hope to submit my application/paperwork. Ideally I'd like to start with a 90-day lab access by October 1st. I'm working on L+/LPIC-1 right now and plan to get the CEH and eJPT before I start the OSCP. I think they'll all give me the footing I need to approach it confidently and by the end of the exam I should have a solid cert list I can apply to a world-wide company HQ'd where I'm at. If I get hired there, they'll probably pay for it, so then I could start sooner. If money matters work out by June 1st, I'd like to start CEH, otherwise I"ll have to do it sometime in September. I have solid goals, just flexible timelines because of money. Ah well, it'll happen!

Clm

Question since you have been going at it for 11 months are you just buying more labtime or did you use your labtime up and waiting to test when ready

Dr. Fluxx

p@r0tuXus wrote: »

By year's end, I hope to submit my application/paperwork. Ideally I'd like to start with a 90-day lab access by October 1st. I'm working on L+/LPIC-1 right now and plan to get the CEH and eJPT before I start the OSCP. I think they'll all give me the footing I need to approach it confidently and by the end of the exam I should have a solid cert list I can apply to a world-wide company HQ'd where I'm at. If I get hired there, they'll probably pay for it, so then I could start sooner. If money matters work out by June 1st, I'd like to start CEH, otherwise I"ll have to do it sometime in September. I have solid goals, just flexible timelines because of money. Ah well, it'll happen!

Im also doing the same as far as Linux Plus goes.
But i decided against the CEH.
Its really expensive for what you get.
Ive heard the ejpt would be better spent because of its practicality and direct preparation for the OSCP.
But what it boils down to is cost. For about 300 more US bucks, you can get 30 days for the OSCP, which I felt was much more valuable.
If it was cheaper, by about 300 bucks...being an HR filter as it is, id consider the CEH.

p@r0tuXus

Dr. Fluxx wrote: »

Im also doing the same as far as Linux Plus goes.
But i decided against the CEH.
Its really expensive for what you get.
Ive heard the ejpt would be better spent because of its practicality and direct preparation for the OSCP.
But what it boils down to is cost. For about 300 more US bucks, you can get 30 days for the OSCP, which I felt was much more valuable.
If it was cheaper, by about 300 bucks...being an HR filter as it is, id consider the CEH.

I completely understand. I need all the HR filter buffs I can get, I don't have a B.S. or even an A.S. I have a lot of experience in IT, most of it along the lower wrungs though, Helpdesk, NOC, Tech Support type stuff. I had some network hands-on experience with the NOC but not enough to justify calling myself an engineer. With more labbing and certifications, I'm hoping to lay groundwork for the certs and with enough I should be able to breeze through a B.S. at WGU in a year or two. I think a CEH, OSCP & CISSP in 2 years is doable and will get me more money in the short-term to make the B.S. attainable within that time as well.

Dr. Fluxx

I see. Im on the fence on the CISSP...its seeming to be saturated, especially in the govt sector.
Id look into it after getting the OSCP and quite possibly the OSWA.
Cuz web apps and securing them with pen testing is also becoming huge.
I also don't want to burn myself out.

22306

hey if you like, join a discord group chat we have https://discord.gg/AQwaeGf almost everyone is either working on OSCP or waiting for the start date. come